Slow rules inserting in UFW


I need to block about 10 000 IP addresses in my firewall. I have all the IP addresses in a file, so I run this command from the command line:

while read -r line; do sudo ufw insert 1 deny from "$line"; done < IP_addresses

And it works, it inserts the rules, but it is very slow: it inserts about 1 rule per second. Is it possible to make it faster?

It is running on Debian 9 with 1 CPU core of Xeon (VPS).

Best Answer

A faster way may be to add these to the /etc/ufw/before.rules file.

You could generate the lines to be inserted with your loop by doing the following:

while read -r line; do echo "-A ufw-before-input -s $line -j DROP" >> rules.out; done < IP_addresses

You can then place the output in the rules.out file into the /etc/ufw/before.rules file, following the line that reads:

# End required lines

This is using the instructions found at https://www.cyberciti.biz/faq/how-to-block-an-ip-address-with-ufw-on-ubuntu-linux-server/ as the basis. The pertinent section is the last one, titled "Tip: UFW NOT blocking an IP address".
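The approach in the answer above, as an added example that is not part of the original answer: it validates each list entry before turning it into a rule, so a malformed or hostile line in IP_addresses cannot end up as extra text in before.rules, and it splices the result into a copy of the file rather than the live one. The function names, the IPv4-only check and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the answer.

# gen_rules IP_FILE: print one DROP rule per valid, unique IPv4 address or CIDR.
# Blank lines and "#" comments are ignored; any other entry is reported on
# stderr and skipped, so stray text in the list never reaches the rules file.
gen_rules() {
    awk '
        function valid(a,   p, n, i) {
            if (a !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) return 0
            n = split(a, p, /[.\/]/)
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) return 0
            return (n == 4 || p[5] + 0 <= 32)
        }
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" || /^#/ { next }
        !valid($0) { print "skipped line " NR ": " $0 | "cat 1>&2"; next }
        !seen[$0]++ { print "-A ufw-before-input -s " $0 " -j DROP" }
    ' "$1"
}

# splice_rules BEFORE_RULES RULES_FILE: print BEFORE_RULES with RULES_FILE inserted
# after the "# End required lines" marker; exits non-zero if the marker is absent.
splice_rules() {
    awk -v rules="$2" '
        { print }
        $0 == "# End required lines" && !done {
            while ((getline l < rules) > 0) print l
            done = 1
        }
        END { exit !done }
    ' "$1"
}

# Constructed sample data in a scratch directory (nothing under /etc is touched).
tmp=$(mktemp -d)
printf '%s\n' '# blocklist' '203.0.113.7' '198.51.100.0/24' '203.0.113.7' \
    '' '300.1.1.1' '192.0.2.1 -j ACCEPT' > "$tmp/IP_addresses"
printf '%s\n' '*filter' ':ufw-before-input - [0:0]' '# End required lines' \
    '-A ufw-before-input -i lo -j ACCEPT' 'COMMIT' > "$tmp/before.rules"

gen_rules "$tmp/IP_addresses" > "$tmp/rules.out"
splice_rules "$tmp/before.rules" "$tmp/rules.out" > "$tmp/before.rules.new"
cat "$tmp/before.rules.new"
```

On a real host, review the merged file, install it as /etc/ufw/before.rules as root, and run `ufw reload` so all rules are loaded in one pass.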